
TAGWORX.CMS "cid" and "nid" Parameter Handling Remote SQL Injection Vulnerabilities

 

Release Date: 20/05/2008
Severity: Moderately Critical
SecWatch Advisory: SWID1021235
Cause: Input validation error
Solution Status: Vendor Patch
Impact: SQL Injection
Exploit Status: PoC Available
Access Vector: From remote
 
Affected Software: TAGWORX.CMS 3.x
 
References: http://milw0rm.com/exploits/5642
FrSIRT/ADV-2008-1561
CVE: CVE-2008-2394
Secunia: SA30149

 

Description:

Multiple input validation vulnerabilities in TAGWORX.CMS have been reported, which can be exploited by remote users to conduct SQL injection attacks.

User-supplied input passed to the "cid" parameter in contact.php and "nid" in news.php is not properly sanitised before being used in SQL queries. This can be exploited by a specially crafted parameter value to execute arbitrary SQL commands on the underlying database.
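For triage of hosts still running an affected version, the following added example (not part of the original advisory or the vendor's code) scans web server access logs for requests to contact.php and news.php whose "cid" or "nid" value is not a plain number. It assumes combined-format logs and that legitimate values of both parameters are decimal identifiers; the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script -> parameter pairs named in the advisory.
WATCHED = {"contact.php": "cid", "news.php": "nid"}

# Assumption: legitimate values are plain decimal identifiers.
NUMERIC_ID = re.compile(r"\d{1,10}")

# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_value(url):
    """Return (script, param, value) if a watched parameter is non-numeric, else None."""
    parts = urlsplit(url)
    script = parts.path.rsplit("/", 1)[-1].lower()
    param = WATCHED.get(script)
    if param is None:
        return None
    # parse_qs percent-decodes values; keep_blank_values so "cid=" is also checked.
    for value in parse_qs(parts.query, keep_blank_values=True).get(param, []):
        if not NUMERIC_ID.fullmatch(value):
            return (script, param, value)
    return None

def scan(lines):
    """Return (client_ip, script, param, decoded_value) for each flagged log line."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if m:
            hit = suspicious_value(m.group(1))
            if hit:
                hits.append((line.split(" ", 1)[0],) + hit)
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/May/2008:10:01:02 +0000] "GET /news.php?nid=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [21/May/2008:10:03:44 +0000] "GET /news.php?nid=12%27 HTTP/1.1" 200 312',
    '198.51.100.7 - - [21/May/2008:10:03:50 +0000] "GET /contact.php?cid=3%20abc HTTP/1.1" 200 4410',
    '192.0.2.10 - - [21/May/2008:10:05:00 +0000] "GET /contact.php?cid=3&lang=en HTTP/1.1" 200 2048',
    '203.0.113.5 - - [21/May/2008:10:06:00 +0000] "GET /index.php?cid=abc HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for ip, script, param, value in scan(SAMPLE_LOG):
        print(f"{ip} {script} {param}={value!r}")
```

Values submitted in POST bodies do not appear in access logs, so this check covers only query-string requests.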

 

Affected:

TAGWORX.CMS version 3.00.02. Other versions may also be affected.

 

Proof of Concept:

SQL Injection:
http://[target]/contact.php?cid=[SQL]
http://[target]/news.php?nid=[SQL]

 

Solution:

The vulnerability has reportedly been fixed. Contact the vendor for further information.

 

Credits:

dun

 
